diff --git a/README.md b/README.md index 0a535a0..0555a0c 100644 --- a/README.md +++ b/README.md @@ -60,6 +60,12 @@ sudo ln -s /snap/bin/lxc /usr/local/bin/lxc sudo ln -s /snap/bin/lxd /usr/local/bin/lxd ``` +NB. : you should **make sure that your user is in the `lxd` group** so that it's +able to run `lxc` commands without sudo... You can check this with the command +`groups` where you should see `lxd`. Otherwise, add your user to this group +(don't forget that you may need to reload your entire graphical session for this +to propagate (sigh)) + Then you shall initialize LXD which will ask you a bunch of question. Usually answering the default (just pressing enter) to all questions is fine. diff --git a/build_base_lxc.sh b/build_base_lxc.sh index 2ebc2d2..8ca7dda 100755 --- a/build_base_lxc.sh +++ b/build_base_lxc.sh @@ -8,14 +8,14 @@ function rebuild_base_lxc() check_lxd_setup set -x - sudo lxc info $LXC_BASE >/dev/null && sudo lxc delete $LXC_BASE --force - sudo lxc launch images:debian/$DIST/$ARCH $LXC_BASE - sudo lxc config set $LXC_BASE security.privileged true - sudo lxc config set $LXC_BASE security.nesting true # Need this for apparmor for some reason - sudo lxc restart $LXC_BASE + lxc info $LXC_BASE >/dev/null && lxc delete $LXC_BASE --force + lxc launch images:debian/$DIST/$ARCH $LXC_BASE + lxc config set $LXC_BASE security.privileged true + lxc config set $LXC_BASE security.nesting true # Need this for apparmor for some reason + lxc restart $LXC_BASE sleep 5 - IN_LXC="sudo lxc exec $LXC_BASE --" + IN_LXC="lxc exec $LXC_BASE --" INSTALL_SCRIPT="https://install.yunohost.org/$DIST" $IN_LXC apt install curl -y @@ -44,9 +44,9 @@ function rebuild_base_lxc() $IN_LXC yunohost --version - sudo lxc stop $LXC_BASE - sudo lxc image delete $LXC_BASE - sudo lxc publish $LXC_BASE --alias $LXC_BASE + lxc stop $LXC_BASE + lxc image delete $LXC_BASE + lxc publish $LXC_BASE --alias $LXC_BASE set +x } diff --git a/lib/common.sh b/lib/common.sh index d984636..c53330c 100644 --- a/lib/common.sh +++ b/lib/common.sh @@ -219,7 +219,7 @@ function self_upgrade() # Clone in another directory git clone --quiet $git_repository "./upgrade" cp -a "./upgrade/." "./." -sudo rm -r "./upgrade" +rm -r "./upgrade" # Update the version file echo "$check_version" > "$version_file" rm "./pcheck.lock" @@ -265,7 +265,7 @@ function fetch_or_upgrade_package_linter() # And replace cp -a "./package_linter_tmp/." "./package_linter/." - sudo rm -r "./package_linter_tmp" + rm -r "./package_linter_tmp" fi else log_info "Installing Package linter" diff --git a/lib/lxc.sh b/lib/lxc.sh index c26e2d4..6234615 100644 --- a/lib/lxc.sh +++ b/lib/lxc.sh @@ -5,17 +5,17 @@ #================================================= LXC_CREATE () { - sudo lxc image list $LXC_BASE | grep -q -w $LXC_BASE || log_critical "The base image $LXC_BASE doesn't exist yet. Consider using the build_base_lxc.sh to create it first" - sudo lxc launch $LXC_BASE $LXC_NAME || clean_exit 1 - sudo lxc config set "$LXC_NAME" security.nesting true + lxc image list $LXC_BASE | grep -q -w $LXC_BASE || log_critical "The base image $LXC_BASE doesn't exist yet. Consider using the build_base_lxc.sh to create it first" + lxc launch $LXC_BASE $LXC_NAME || clean_exit 1 + lxc config set "$LXC_NAME" security.nesting true _LXC_START_AND_WAIT $LXC_NAME set_witness_files - sudo lxc snapshot $LXC_NAME snap0 + lxc snapshot $LXC_NAME snap0 } LXC_SNAPSHOT_EXISTS() { local snapname=$1 - sudo lxc list --format json \ + lxc list --format json \ | jq -e --arg LXC_NAME $LXC_NAME --arg snapname $snapname \ '.[] | select(.name==$LXC_NAME) | .snapshots[] | select(.name==$snapname)' \ >/dev/null @@ -32,16 +32,16 @@ CREATE_LXC_SNAPSHOT () { check_witness_files >&2 # Remove swap files to avoid killing the CI with huge snapshots. - sudo lxc exec $LXC_NAME -- bash -c 'for swapfile in $(ls /swap_* 2>/dev/null); do swapoff $swapfile; done' - sudo lxc exec $LXC_NAME -- bash -c 'for swapfile in $(ls /swap_* 2>/dev/null); do rm -f $swapfile; done' + lxc exec $LXC_NAME -- bash -c 'for swapfile in $(ls /swap_* 2>/dev/null); do swapoff $swapfile; done' + lxc exec $LXC_NAME -- bash -c 'for swapfile in $(ls /swap_* 2>/dev/null); do rm -f $swapfile; done' - sudo lxc stop --timeout 15 $LXC_NAME 2>/dev/null + lxc stop --timeout 15 $LXC_NAME 2>/dev/null # Check if the snapshot already exist if ! LXC_SNAPSHOT_EXISTS "$snapname" then log_debug "Creating snapshot $snapname ..." - sudo lxc snapshot $LXC_NAME $snapname + lxc snapshot $LXC_NAME $snapname fi _LXC_START_AND_WAIT $LXC_NAME @@ -52,9 +52,9 @@ CREATE_LXC_SNAPSHOT () { LOAD_LXC_SNAPSHOT () { local snapname=$1 log_debug "Loading snapshot $snapname ..." - sudo lxc stop --timeout 15 $LXC_NAME 2>/dev/null - sudo lxc restore $LXC_NAME $snapname - sudo lxc start $LXC_NAME + lxc stop --timeout 15 $LXC_NAME 2>/dev/null + lxc restore $LXC_NAME $snapname + lxc start $LXC_NAME _LXC_START_AND_WAIT $LXC_NAME } @@ -82,12 +82,12 @@ LXC_START () { } LXC_STOP () { - sudo lxc stop --timeout 15 $LXC_NAME 2>/dev/null + lxc stop --timeout 15 $LXC_NAME 2>/dev/null } LXC_RESET () { - sudo lxc stop --timeout 15 $LXC_NAME 2>/dev/null - sudo lxc delete $LXC_NAME 2>/dev/null + lxc stop --timeout 15 $LXC_NAME 2>/dev/null + lxc delete $LXC_NAME 2>/dev/null } @@ -95,8 +95,8 @@ _LXC_START_AND_WAIT() { restart_container() { - sudo lxc stop "$1" --timeout 15 &>/dev/null - sudo lxc start "$1" + lxc stop "$1" --timeout 15 &>/dev/null + lxc start "$1" } # Try to start the container 3 times. @@ -160,7 +160,7 @@ _LXC_START_AND_WAIT() { RUN_INSIDE_LXC() { - sudo lxc exec $LXC_NAME -- $@ + lxc exec $LXC_NAME -- $@ } diff --git a/lib/tests.sh b/lib/tests.sh index 7d81111..92ebf28 100644 --- a/lib/tests.sh +++ b/lib/tests.sh @@ -47,7 +47,7 @@ _INSTALL_APP () { sed -i "s/\$SUBDOMAIN/$SUBDOMAIN/" "$preinstall_script" sed -i "s/\$PASSWORD/$YUNO_PWD/" "$preinstall_script" # Copy the pre-install script into the container. - sudo lxc file push "$preinstall_script" "$LXC_NAME":/preinstall.sh + lxc file push "$preinstall_script" "$LXC_NAME":/preinstall.sh # Then execute the script to execute the pre-install commands. LXC_START "bash /preinstall.sh" fi @@ -237,7 +237,7 @@ _VALIDATE_THAT_APP_CAN_BE_ACCESSED () { If you see this page, you have failed the test for alias_traversal issue." \ > $TEST_CONTEXT/alias_traversal.html - sudo lxc file push $TEST_CONTEXT/alias_traversal.html $LXC_NAME/var/www/html/alias_traversal.html + lxc file push $TEST_CONTEXT/alias_traversal.html $LXC_NAME/var/www/html/alias_traversal.html curl --location --insecure --silent $check_domain$check_path../html/alias_traversal.html \ | grep "title" | grep --quiet "alias_traversal test" \ @@ -359,7 +359,7 @@ TEST_UPGRADE () { else # Make a backup of the directory # and Change to the specified commit - sudo cp -a "$package_path" "${package_path}_back" + cp -a "$package_path" "${package_path}_back" (cd "$package_path"; git checkout --force --quiet "$commit") LOAD_LXC_SNAPSHOT snap0 @@ -369,8 +369,8 @@ TEST_UPGRADE () { local ret=$? # Then replace the backup - sudo rm -r "$package_path" - sudo mv "${package_path}_back" "$package_path" + rm -r "$package_path" + mv "${package_path}_back" "$package_path" fi # Check if the install worked @@ -401,10 +401,10 @@ TEST_PORT_ALREADY_USED () { echo -e "[Service]\nExecStart=/bin/netcat -l -k -p $check_port\n [Install]\nWantedBy=multi-user.target" > $TEST_CONTEXT/netcat.service - sudo lxc file push $TEST_CONTEXT/netcat.service $LXC_NAME/etc/systemd/system/netcat.service + lxc file push $TEST_CONTEXT/netcat.service $LXC_NAME/etc/systemd/system/netcat.service # Then start this service to block this port. - LXC_START "sudo systemctl enable netcat & sudo systemctl start netcat" + LXC_START "systemctl enable netcat & systemctl start netcat" # Install the application in a LXC container _INSTALL_APP "path=$check_path" "port=$check_port" \ @@ -450,7 +450,7 @@ TEST_BACKUP_RESTORE () { [ $ret -eq 0 ] || main_result=1 # Grab the backup archive into the LXC container, and keep a copy - sudo lxc file pull -r $LXC_NAME/home/yunohost.backup/archives $TEST_CONTEXT/ynh_backups + lxc file pull -r $LXC_NAME/home/yunohost.backup/archives $TEST_CONTEXT/ynh_backups # RESTORE # Try the restore process in 2 times, first after removing the app, second after a restore of the container. @@ -475,7 +475,7 @@ TEST_BACKUP_RESTORE () { RUN_INSIDE_LXC rm -rf /home/yunohost.backup/archives # Place the copy of the backup archive in the container. - sudo lxc file push -r $TEST_CONTEXT/ynh_backups/archives $LXC_NAME/home/yunohost.backup/ + lxc file push -r $TEST_CONTEXT/ynh_backups/archives $LXC_NAME/home/yunohost.backup/ log_small_title "Restore on a fresh YunoHost system..." fi diff --git a/lib/tests_coordination.sh b/lib/tests_coordination.sh index 1041303..579175c 100644 --- a/lib/tests_coordination.sh +++ b/lib/tests_coordination.sh @@ -267,7 +267,7 @@ run_all_tests() { # Print the version of YunoHost from the LXC container log_small_title "YunoHost versions" - LXC_START "sudo yunohost --version" + LXC_START "yunohost --version" # Init the value for the current test current_test_number=1 @@ -356,7 +356,7 @@ break_before_continue () { if [ $interactive -eq 1 ] then echo "To enter a shell on the lxc:" - echo " sudo lxc exec $LXC_NAME bash" + echo " lxc exec $LXC_NAME bash" read -p "Press a key to delete the application and continue...." < /dev/tty fi }